don't follow link in nisibori Free Software ?

Petr Kuzmic pkuzmic at biokin.com
Mon Aug 4 14:30:37 EST 1997


Gary Sheldon Thompson wrote:

> (deleted) ... when i followed the
> link in the mail message I recieved the following web page:
>
> your access from bmbsgi14.leeds.ac.uk [129.11.141.43] has been
> logged.
> this log can and will be used against you.

This is probably a prank, possibly someone very young (in their mind)
learning PERL and/or CGI.

I am only a beginner (wrote about three or four PERL scripts), but I
already know that this kind of a thing can be done very easily in
several lines of computer code. If I went insane, or regressed to the
fourth-grade level wanting to scare people (who are not computer
programmers), I could write a page like that infamous
http://169.132.45.225 in about ten minutes.

The reason I say it's a prank is the "this log can and will be used
against YOU".  You see, there is (fortunately) absolutely no way for
anyone to know which PERSON actually used the server
bmbsgi14.leeds.ac.uk [129.11.141.43] at any given time. There is no
camera hidden in the computer screen, watching you sitting down to work.

In other words, to make a long story short, don't worry about this
idiotic indicent too much.  It is  much less threatening than when
people send viruses to delete data on your disk.

Petr Kuzmic


_______________________________________________________

P.S.:

For example, here is how you can write into a file that sits on your own
server who (that is, which SERVER) is browsing:

# ******** BEGIN EXCERPT *********

# Some of Perl's network info functions
# -------------------------------------
($part1,$part2,$part3,$part4)=split(/\./,$ENV{REMOTE_ADDR});
$IP_adr=pack("C4",$part1,$part2,$part3,$part4);
($host_name)=(gethostbyaddr("$IP_adr", 2));

# open log file for output and append new log data
# skip all hits that originated in my own server
# ------------------------------------------------
$idx = index $host_name, $myownhost;
if ($idx eq (-1)) {
 open (LOGFILE, ">>$logfile");
 print LOGFILE "$host_name \t ";
 print LOGFILE "$ENV{'DOCUMENT_URI'} \t " if $log_page;
 print LOGFILE "$ENV{'HTTP_REFERER'} \t ";
 print LOGFILE "$ENV{'HTTP_USER_AGENT'} \t ";
 print LOGFILE "$ENV{REMOTE_ADDR} \t " if $log_IP;
 print LOGFILE "$datetime \t ";
 print LOGFILE "\n";
 close (LOGFILE);
}
# ******** ENDEXCERPT *********

The fragment above is sitting on the server in a file called for example
"hitlog.pl" or "hitlog.cgi".  You make it an executable file by using
the Unix function "chmod".  Then you include the following code into a
page that you want to have logged, say
http://www.stupid_joke.com/trap_for_perl_newbies.htm:

<!--#exec cgi="some_directory/hitlog.cgi"-->

At this point, if anyone accesses the page the PERL script sitting on
the server can "write" a new HTML page and display it in your browser.






More information about the Bio-soft mailing list